CVE-2007-3651
MEDIUMFaName 1.0 - Exposure of Sensitive Information via id Parameter
Title source: llmDescription
class/page.php in Farsi Script (aka FaScript) FaName 1.0 allows remote attackers to obtain sensitive information via a '; (quote semicolon) sequence in the id parameter, which reveals the installation path in an error message.
References (2)
Core 2
Core References
Exploit x_refsource_misc
http://www.netvigilance.com/advisory0041
Various Sources x_refsource_misc
http://descriptions.securescout.com/tc/17971
Scores
CVSS v3
5.3
EPSS
0.0097
EPSS Percentile
57.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-200
Status
published
Products (1)
fascript/faname
1.0
Published
Jul 09, 2008
Tracked Since
Feb 18, 2026